<?php
/*
	Copyright 2006, 2007, 2008, 2009, 2010 Bastiaan Grutters
    
    This file is part of Ages of Strife website.

    Ages of Strife website is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    Ages of Strife website is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with Ages of Strife website.  If not, see <http://www.gnu.org/licenses/>.
 */
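// Admin login handler: checks the posted username/password against the users
// table, fills the session on success and redirects to the matching page.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7. A
// migration to mysqli or PDO with prepared statements would remove the
// string-built queries below.

// Cookie parameters only apply to a session started after this call, so it has
// to run before session_start(). Lifetime 0 means the cookie ends with the browser.
session_set_cookie_params( 0 );
session_start();
include( "../global/utils.php");

// Read the credentials without raising notices when a field is missing, and
// reject non-string input (for example username[]=x) before it reaches crypt() or the query.
$username = ( isset( $_POST[ 'username' ] ) && is_string( $_POST[ 'username' ] ) ) ? $_POST[ 'username' ] : "";
$password = ( isset( $_POST[ 'password' ] ) && is_string( $_POST[ 'password' ] ) ) ? $_POST[ 'password' ] : "";

// Both fields are required. The previous check used "||" and therefore let a
// request with only one of the two fields filled in reach the database.
if ( $username !== "" && $password !== "" ) {
	include_once( "../global/old_database_connection.php" );
	// NOTE(review): this query is safe only if formatInput() (defined outside this
	// file) escapes the value for a quoted SQL string on this connection - confirm.
	$query = "SELECT password, username, user_id, admin FROM users WHERE username = '" . formatInput( $username ) . "'";
	$result = mysql_query( $query );
	if ( $result === false ) {
		// Keep the driver's error text in the server log instead of the HTTP response.
		error_log( "Login query failed: " . mysql_error() );
		die( "Query failed." );
	}
	$row = mysql_fetch_array($result, MYSQL_ASSOC);
	if( isset( $row[ 'user_id' ] ) ) {
		$stored_hash = (string) $row[ 'password' ];
		// crypt() reuses the salt and algorithm embedded in the stored hash.
		$computed_hash = (string) crypt( $password, $stored_hash );
		// TODO fix check after a reset when passwords are alright again
		// Strict comparison: "==" may treat two different numeric-looking strings
		// as equal. hash_equals() is used where the runtime provides it (PHP 5.6+).
		if ( function_exists( 'hash_equals' ) ) {
			$password_ok = hash_equals( $stored_hash, $computed_hash );
		}
		else {
			$password_ok = ( $computed_hash === $stored_hash );
		}
		if( $password_ok ) {
			// Issue a fresh session id at the moment of authentication so an id
			// known before login (session fixation) does not become a logged-in session.
			session_regenerate_id( true );
			// Drop privileges left over from an earlier login in the same session;
			// otherwise a non-admin login would inherit a previous admin flag.
			unset( $_SESSION[ 'admin' ], $_SESSION[ 'ruler_id' ] );
			$_SESSION[ 'login' ] = 1;
			$_SESSION[ 'user_id' ] = $row[ 'user_id' ];
			// The id is concatenated unquoted, so force it to an integer.
			$query2 = "SELECT ruler_id FROM ruler WHERE user_id = " . (int) $row[ 'user_id' ];
			$result2 = mysql_query( $query2 );
			if ( $result2 === false ) {
				error_log( "Login query failed: " . mysql_error() );
				die( "Query failed." );
			}
			$row2 = mysql_fetch_array( $result2, MYSQL_ASSOC);
			mysql_free_result($result);
			mysql_free_result($result2);
			// $link is presumably set by old_database_connection.php - confirm.
			mysql_close($link);
			if( isset( $row2[ 'ruler_id' ] ) ) {
				$_SESSION[ 'ruler_id' ] = $row2[ 'ruler_id' ];
			}
			if( $row[ 'admin' ] == 1 ) {
				$_SESSION[ 'admin' ] = 1;
				header( "Location: admin.php" );
			}
			else if( isset( $row2[ 'ruler_id' ] ) ) {
				header("Location: ../overview/overview.php");
			}
			else {
				// Account without a ruler yet: send it to sign-up.
				header("Location: ../global/sign_up.php");
			}
			exit;
		}
		else
		{
			$_SESSION[ 'login_status' ] = "Incorrect password!";
			mysql_close( $link );
			$_SESSION['login'] = 0;
			// The session is marked logged out here, so identity and privilege
			// keys from an earlier login must not survive either.
			unset( $_SESSION[ 'user_id' ], $_SESSION[ 'admin' ], $_SESSION[ 'ruler_id' ] );
			header( "Location: admin_login.php" );
			exit;
		}
	}
	else {
		// NOTE(review): this message differs from the wrong-password one, which
		// tells a client which usernames exist. One shared message for both
		// failures would close that; left as-is because the login page displays it.
		$_SESSION[ 'login_status' ] = "Unknown username.";
		header( "Location: admin_login.php" );
		exit;
	}
}
else {
	$_SESSION[ 'login_status' ] = "Enter your username and password.";
	header( "Location: admin_login.php" );
	exit;
}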
?>